PowerShell 5.0 logging in Windows 7 (WMF 5.0 problems)

Hello,

I've been trying to enable PowerShell  logging in Windows 7, without success.

I got a computer that has the following features:

  • .NET 4.6
  • WMF 5.0
  • PowerShell 5.0

I came to the realisation that I needed PowerShell logging after reading this article by FireEye:

https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html

The article guided me through the step of enabling PowerShell logging:

  • uninstall WMF 5.0
  • install WMF 4.0
  • install WMF 5.0

After installing WMF 4.0, a Windows PowerShell option added at my GPO setting, as mentioned in the article, but only contained "Turn on Module Logging", "Turn on Script Execution" and "Set the default source path for Update-Help".

I thought that the other settings ("Turn on PowerShell Script Block Logging" and "Turn on PowerShell Transcription") , which interested me the most, will be added after i'll install WMF 5.0 again.

After installing WMF 5.0 - the option in the GPO disappeared! 

Not only that the wanted options has not been added - the whole container disappeared - including the first 3 options.

Although the Module logging option, which I enabled after the WMF 4.0 installation,  disappeared, there was still Module Logging events created in the event viewer. meaning, the feature is still enabled, but i can't see or change it.

I tried the same on a different, virtual machine, but ended up have to deal with installation problems with WMF 5.0.

I also tried adding the registry keys and values on both of the machines - but without success.

I got a couple of questions:

  1. Is there a way to enable PowerShell logging as a standalone service (without uninstalling WMF 5)?
  2. Why are those options disappearing when installing WMF 5?

Thank you!!

 

Question Info


Last updated March 19, 2018 Views 93 Applies to:

Hi,

To better assist you with your questions, see this link.

Let us know how it goes.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi,

There is no mention of windows 7 in this link.

Did you meant that i need to install some package from it?

If so, which one?

I would be glad if you elaborate.

Thanks.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

To resolve your concern, we suggest that you post your query on this forum.

Regards.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.